Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

netbuzz writes "A federal jury in Knoxville today has convicted David Kernell, 22, of two charges — misdemeanor computer fraud and felony obstruction of justice — in connection with the 2008 episode where he accessed the personal Yahoo email account of Republican vice presidential candidate Sarah Palin and then initiated a worldwide rummaging of its contents. The obstruction charge carries a maximum prison term of 20 years."

Yes, Palin only said that you could see Russia from Alaska, which is only a hair less idiotic when you consider that she was trying to claim that as a reason for why she has experience in international politics. Most people don't differentiate because both comments are so idiotic that there isn't a difference worth caring about.

"They're our next door neighbors and you can actually see Russia from land here in Alaska." The actual quote, and an actual fact.

she was trying to claim that as a reason for why she has experience in international politics

In context, that is not her claim. However, it should be noted that Palin engaged in international treaty negotiations, as a representative of the United States as well as Alaska, with Canada. The topic was a natural gas pipeline. In the

One is a felony Mail tampering, one is computer tampering. Email is not considered the same as regular Mail.

And while my mailbox has a lock on it, it is simple and easy to bypass, I'd hate to see people make the same excuses for someone lifting mail from my box as they do for people lifting email from Hotmail (or whatever).

It's not necessarily special to me; however, I see that you've listed your email address which makes it incredibly easy for me, a person with no other information about you, to invade your privacy. Going through your regular mail requires physical access to it. I can try getting at your email from almost anywhere on the planet, or probably even off of it. In that case, there may be some question about the precedence of local laws and such. Which state laws apply? The state of the accused, the state where th

The USPS is an agency of the US government, while email is just an agreed upon standard and service provided by private entities. Snail mail is handled by USPS (government) employees from the the time the sender gives it to the USPS, until the USPS gives it to the recipient. Email is handled by multiple servers, routing packets from one point to another, which are (almost entirely) owned by private entities.

In the case of international snail mail, the laws that apply to the USPS only apply while it is wit

Why bother picking a lock when there's so many other easier ways to get into the average house? Breaking a window is trivial, drilling out a lock isn't hard, etc. To someone even mildly determined to get in, the average house lock is less of a issue than a weak password is for an email account.

While it's certainly smarter to have a strong password than a weak one, to say that having a weak password should mean that you take on some of the legal responsibility for a crime committed against you by someone else is ridiculous.

It is still considered theft if someone enters my house and takes some of my belongings even if I leave my door is unlocked. Ditto for leaving the keys in my car and someone takes it or leaving the car running unattended while I go into a store or something.

For some reason a lot of/. people seem to think that not securing your property suddenly makes it fair game for anyone who wants to take it. The crime occurs when someone takes something that doesn't belong to them regardless of how well or how poorly it is secured.

Personally, I lock my doors, don't leave my keys in my car, set up a RADIUS server for my wireless authentication, etc. I'd rather my stuff not get stolen or my network get broken into in the first place. There was a time when people respected other people's privacy and property. That doesn't seem to happen any more.

In real life I'd totally agree. But you don't secure your house with a lock which opens if you state the place where you met your future husband as prove of your identity. Just imagine how a case of trespassing would end in court if you had such kind of security.

He crossed a line, but is it really computer fraud if you bypass a system by common knowledge?

Whenever I'm forced to state my favorite dog or my mother's maiden name I type some

I understand (and agree) that the guy should be punished for hacking this account, but how come nothing ever happend about Palin conducting official State business using her personal email account? Is it because the information was technically obtained illegaly? Or did something happen and I just missed it...?

She's a master at evading responsiblity. She even supposedly got her daughter off scot-free for $20K in damages to someone else's house during a party. See here [alaskawtf.com] and here [blogspot.com].

As long as there is corrupt cronyism, the guilty can do whatever they want.

More unsubstantiated hear say to go along with all of the other whispers about Sarah and her family.

So basically a home up for sale was broken into by 3 adult boys, some underage boys and some underage girls. A party occurred and some damage was done. When caught, all of the boys blame one of the underage girls, whose mother just happens to be the ex-governor of the state. The ex-governor then starts calling in favors, intimidating the other parents and calling secret meetings with state officials to c

I have no idea what she may or may not have done while she was there, but there's no way that she thought it was legal for her to be in that house doing whatever it was she was doing. Let's say, for sake of argument, that some random guy broke down my front door and then, later, Willow Palin noticed my door was open, walked in, spent several hours hanging out in my house, broke nothing and took nothing. Unless I'm crazy (which is always a possibility), it's still criminal trespassing. If she accompanied

No, that's not it. As long as the person is not working as an "agent of the state", anything they do is admissible. This came up when a hacker kept hacking into pedophiles' computers and turning them into the police. The courts ruled he was not working as an agent of the state, since the police had no control over him.

Wow, that's a slippery slope. So the police can "encourage" third parties to obtain evidence illegally, then use that evidence. For various definitions of "encourage" which will include pay, bribe, threaten, trade, plea-bargain, extort, harass, intimidate, and some I probably haven't thought of.

Wow, that's a slippery slope. So the police can "encourage" third parties to obtain evidence illegally, then use that evidence. For various definitions of "encourage" which will include pay, bribe, threaten, trade, plea-bargain, extort, harass, intimidate, and some I probably haven't thought of.

And if the police did any of those things, the third party would automatically become an agent of the state. Just like an employee.

Cop: "Hey Louie, I haven't arrested you in months. Living clean?"Louie: "Yeah, don't bother me. I've been staying outta trouble."Cop: "Look Louie, I think I smell something in your car. I think I have to run you in. Or maybe you can help me out. I need some stuff that's in that house over there."

You don't recall correctly. The story was that someone who used to work at Google, and who now works for the administration, had according to his Google Buzz, several senior Google people as some of his most frequent contacts. And was complaining, publicly, about the privacy implications of Buzz.

Two years only happens in extenuating circumstances (say, a woman kills her rapist after the fact; it's murder, but it's really hard to apply a tough sentence). Murder is rarely punished with a mere two years. That said, sentencing guidelines are fscked up, because it's always easier to appear "tough on crime" than it is to establish just guidelines.

Also, the maximum sentence is 20 years, not the average sentence. Obstruction of justice covers a lot of scenarios, so the 20 years is for the guy who goes around cleaning the blood and fingerprints off the murder weapons of a friend of his (yes, accomplice after the fact to murder would cover this, but you get the idea). I have a really hard time believing this guy will get anything close to 20 years.

> it seems like u.s. justice system is so fucked up.It probably is. But your post here, vastly understating murder sentences and exaggerating obstruction charges, is a good example of how twisted and oblivious to reality the American mind can be. And, since people like you often vote, we don't really have to look that far to see why the "system is so fucked up".

But the crux of their obstruction case came from testimony by McFall, a computer expert so skilled he was tapped to help organize the FBI's elite Computer Analysis and Response Team, or CART.
McFall said his probe was stymied by a series of steps authorities allege Kernell took to cover his tracks, including deleting from the computer material gleaned from Palin's account, clearing his Internet history on one Web browser, uninstalling another browser and running a Windows tool designed to speed a computer up by overwriting space occupied by deleted files.

Things like this make me sad. Not just because I feel bad for the person, but also because frankly I don't want my taxes spent on keeping this man imprisoned for up to twenty years. Cost of imprisonment is on average 22,650 per year [usdoj.gov], at 20 years that's $453,000. In my opinion it's not worth that much to keep a man behind bars for guessing a password.

This is just another example of certain entitled people abusing the court system because the cannot take care of themselves. Here is a case of incompetent person asking the taxpayers to pay for consequences that should have never been necessary in the first place. For instance, would a jury really convict a person for twenty years if they stole a laptop left in a public location? Well, we will see what the Apple iPhone situation results in.

...I don't want my taxes spent on keeping this man imprisoned for up to twenty years. Cost of imprisonment is on average 22,650 per year, at 20 years that's $453,000. In my opinion it's not worth that much to keep a man behind bars for guessing a password.

He won't get anything near 20 years. In a case like this he'll get almost no time in a minimal security facility, then he'll be put on probation for a number of years and he might also have to do community service or similar. Total cost to the taxpayer will be minimal, the trial itself will probably cost more than the actual imprisonment.

That being said, you NEED to have the threat of 20 years so that there's a possible consequence to your actions. If you break into someone's e-mail there should be penalties and just the possibility of 20 years behind bars is enough to keep most people from trying this sort of thing. You also need it for repeat offenders so that you can punish them properly. This doesn't mean you always need to give the maximum, that's why it's a maximum and not a set amount.

are upheld in Court. Personal email really IS private, and people should be held accountable if they cross the line. Jail time sounds a bit extreme, given the youthful age of the accused, but I'm glad the legal precedents are being followed correctly.

You can't talk like that here. Rational, intelligent discourse isn't allowed on the internet. Turn in your/. UID and your geek card at the nearest ISP.

In all seriousness, I agree. It's great to see personal communications being held as personal. It's right in line with my understanding of the founders intent. However, I'd also like to see the laws changed so that government personnel can't hide behind private mail for official "off the record" business.

Somehow, I missed the original story. Must have been on travels at the time. Would someone help me with these basic questions? (I can't help being interested in the trivia. I love Sarah Palin stories. US politics would be so dull without her...)

- How did he hack the account? Guess the password? Do we know what the password was?

- Were funny email bits published on the net? Are they still available somewhere?

Somehow, I missed the original story. Must have been on travels at the time. Would someone help me with these basic questions? (I can't help being interested in the trivia. I love Sarah Palin stories. US politics would be so dull without her...)

- How did he hack the account? Guess the password? Do we know what the password was?

- Were funny email bits published on the net? Are they still available somewhere?

- How did the guy actually get caught?

-Guessed the password (or the password reset questions, forget which)-Posted screenshots of the inbox, I do not recall any funny bits-Posted to 4chan.

While I think he should be punished, online account hacking happens all the time (probably hundreds or thousands of times per day).And even with moderately higher profile hacking, not one normally gets charged.

"He gained access to Twitter accounts by simply working out the answers to password reminder questions on targets' e-mail accounts, according to investigators. "
Seriously, I hate those things. When it used to be allowed, I always just retyped my password into the answers for those security questions. It's always really easy stuff to socially engineer or, in the case of a public figure, look up on google... Did he figure out the name of Obama's first pet, where he went to school, his first job, his mother's maiden name, or what? All of those things have got to be fairly easy to work out.

My bank now requires me to answer a security question *and* input my password in order to log in. And it picks a random one of my security questions (of which I was required to have 5 or so), which means I have to remember 6 distinct passwords for my bank. Shoot me.

Many years ago, a friend of mine worked in a bank and told me that they were actually cataloging all items in safety deposit boxs! Having worked at a bank and been blown away but so many lapses of security issues, this didn't surprise me. He gleefully went over various items they encountered - including womens underwear! Mostly papers, not as much jewelry one would expect and some cash.

So, if you really want to be safe, encrypt a file on a storage medium that requires a password and that

Did he figure out the name of Obama's first pet, where he went to school, his first job, his mother's maiden name, or what? All of those things have got to be fairly easy to work out.

You'd think so, given the vetting which is supposed to go into establishing a person's qualifications for the Office of the President but there's been substantial research into each of those things, and each of them bring up non-trivial questions of the veracity of so-called "established fact". Kinda odd considering the public scrutiny - in the media, government, and otherwise - of every other President to date.

I just use password strength answer and I keep a file of them. I had a great conversation with an online bank. Security had detected a pattern that was unusual and called me. They asked me what high school I went to. I told them UMc9vdX0QLOH (not really, but you get the idea.)

The guy was flabbergasted.

I told him that although I appreciated their security, I didn't trust them, say, to not sell a used laptop on ebay.

I just use password strength answer and I keep a file of them. I had a great conversation with an online bank. Security had detected a pattern that was unusual and called me. They asked me what high school I went to. I told them UMc9vdX0QLOH (not really, but you get the idea.)

The guy was flabbergasted.

I told him that although I appreciated their security, I didn't trust them, say, to not sell a used laptop on ebay.

He thought it was a great idea.

Of course if I loose my file, I'm screwed, but that's what backups are for.

If you loose your file, you can just tighten it back up again with a bit-wrench.

I believe a lot of those are insensitive to case, so does that mean that are stored as text and not as a hash (is hash the right word)? If so, would typing your password in those fields make your password more vulnerable?

To be fair, I'm sure Obama has never posted to his "own" Twitter page (I remember a published statement to that effect about his Facebook account, at least). It is actually some minor staffer who is the guilty party here: Obama is maybe only transitively guilty for trusting Rahm Emmanuel, who trusted the staffer (or the staffer's immediate boss). That stands in contrast to Sarah Palin's personal email account and the personal Twitter accounts of the celebrities involved in the other incident, the obvious

Except it wasn't the 'obvious password' which did them in, it was the lame drop-box security questions. Make it so all security questions are chosen when the account is created, and not selected from some stupid list, and your problem is solved.

Except it wasn't the 'obvious password' which did them in, it was the lame drop-box security questions. Make it so all security questions are chosen when the account is created, and not selected from some stupid list, and your problem is solved.

Please answer your security question: "What country were you born in ?"> "Kenya"

There are two stupid people at the heart of this story, David Kernell and Sarah Palin.

Huh? How was Palin stupid in the context of this incident? Was she stupid to use email, as she should have known the extremists on the Left would hack it? Or just stupid because she disagrees with your views?

Apparently, Palin must not have used that account in any way that seriously violated any ethics rules and/or laws in any meaningful way or she would have been tarred, feathered, pilloried, and publicly horse-whipped on

If there had been anything that could have even remotely made even the most shaky, thin case against Palin in the emails, you don't think it would have been the subject of a special Congressional committee and/or special prosecutor? You don't think that was *exactly* the intent behind the account cracking?

Actually, I was on ebaumsworld when the account was "hacked" and the first screenshots were posted and I can assure you it was done for the lulz [encycloped...matica.com] and not some some diabolical political purpose.

If there had been anything that could have even remotely made even the most shaky, thin case against Palin in the emails, you don't think it would have been the subject of a special Congressional committee and/or special prosecutor? You don't think that was *exactly* the intent behind the account cracking?

Actually, I was on ebaumsworld when the account was "hacked" and the first screenshots were posted and I can assure you it was done for the lulz [encycloped...matica.com] and not some some diabolical polit

If it were for laughs, why did he not try cracking email accounts of Hillary or Obama and instead chose Palin?

What bizarre alternate universe did you come from?

Just because the politically-motivated cracker was incompetent at exploiting the data politically or even at hiding his tracks doesn't affect the fact that Palin was a target because she was (and remains) a threat to the Progressive social & political agenda.

I'm a european so take this with appropriate quantities of salt but from where I'm standing Palin, Beck, the teabaggers, et al seem more of a threat to the internal cohesion of the Republican party than to the "progressive agenda" (whatever that means.)

The Republican Party and the Democratic Party have both been infiltrated by Progressives. Examples of Republican Progressives include (but aren't limited to) Lindsey Graham(sp?) and John McCain.

Was she stupid to use email, as she should have known the extremists on the Left would hack it?

Umm... what?
This guy wasn't an extremist anything, I was there reading the thread when he posted it, he mentioned in his thread that there wasn't anything interesting in it. [Apparently this somehow gets construed as him being an evil liberal socialist hippie extremist out to overthrow the government...] Then some whiteknight went and changed the password so that nobody could access the account.

The dude was just doing what any average person in his position would be doing if they got to look at Obama's emails or Dick Cheney's emails or Bush's emails.

As a Canadian, I've got to say, this Republican vs Democrat stuff is really really getting out of hand. Are you people children or adults, FFS.

Young David wasn't just looking around for any old account to break into, he was actively working on the account of a political opponent of his father's.

This also implies that David, despite claims that it was for "lulz", was almost certainly conducting a targeted search of her email. There would be no other reason for the son of a prominent Democrat to do what he di

Kernell was found guilty of computer fraud - a misdemeanor subject to a prison term of up to one year -- and obstruction of justice, which carries a maximum 20-year sentence.

Don't lie to the feds. They get all bent out of shape about that. Frankly, even if they were to question me about someone else's crime, I would give serious consideration to refusing to speak to them, out of concern that my version of events might not be the same as someone else's, and they might decide that I was the one "misremembering".